ilago
Premium
join:2005-06-28
Australia
·Internode

ISP Based Contextual Advertising

I haven't seen this mentioned here as it is broadly USA ISP based where issues to do with net neutrality, ISP behaviour and politics seem to dominate many discussions. I believe this is a privacy and a security issue and may be coming soon to an ISP near you.

quote:
BT, Virgin Media, and Carphone Warehouse have agreed to feed data on their subscribers' web activities to Phorm. Data will be fed into the Open Internet Exchange, Phorm's advertising network, where advertisers will pay to target interest groups. Frequent visits to the BBC's Top Gear site might result in being served up more car ads, for example.
Covered in two articles in the Register.
»www.theregister.co.uk/2008/02/25···rtising/
»www.theregister.co.uk/2008/02/29···targets/

quote:
TalkTalk, BT and Virgin Media, the three biggest broadband providers in the country with more than nine million customers, last week announced a deal with Ertugrul's Aim-listed Phorm that will put 'targeted advertising' in front of millions of internet users.
»www.thisismoney.co.uk/investing-···age_id=3

The company providing this service is Phorm. Phorm's "Open Internet Exchange (OIX) is an online advertising broker service. With offices in New York, London and Moscow, Phorm (AIM: PHRM, PHRX) is a Delaware, US incorporated company, publicly listed on the London Stock Exchange's Alternative Investment Market (AIM) since 2004" »www.phorm.com/oix/

Their Open Exchange site OIX.com resolves to 203.93.173.3 and seems to be a Chinese web server according to Dnsstuff.com. However, a traceroute carried out from your location will always stop at a point somewhere near. If you are in Belgium, the final hop will be in Belgium. If you are in Australia it stops at »www.telstra.net/cgi-bin/trace?oix.com

quote:
For years now, ISPs have been searching for alternative revenue streams to avoid just being "dumb pipes." A few years ago, they picked up on the fact that they have a tremendous amount of data about what you (yes, you!) do online. A bunch of ISPs then started selling your clickstream data to companies that could do something useful with it (though, those ISPs probably neglected to tell you they were doing this). Late last year, we heard about a company that was trying to work with ISPs to make use of that data themselves to insert their own ads based on your surfing history -- and now we've got the first report of some big ISPs moving into this realm. Over in the UK three big ISPs, BT, Carphone Warehouse and Virgin Media have announced plans to use your clickstream data to insert relevant ads as you surf through a new startup called Phorm.
http://techdirt.com/articles/20080218/024203278.shtml?KeepThis=true&TB_iframe=true&height=400&width=780

Phorm has Kent Ertugrul at the wheel and is using Russian expertise to develop the product. He was a principal in 121 Media. 121Media has form in the malware world. It was the provider of ContextPlus and the Apropos rootkit http://www.symantec.com/security_response/writeup.jsp?docid=2005-102112-2934-99&tabid=2 forced adware "products". Malware removers will be familiar with that "product" and from memory I was still removing this until relatively recently, despite this article on zdnet advising that 121Media had withdrawn from that market.

quote:
...Due to concerns over the practices of some of its distribution partners, ContextPlus has determined that it is no longer able to ensure the highest standards of quality and customer care and therefore is discontinuing further distribution of its software....

...Not surprisingly, the company is blaming its affiliates — sounds familiar, yes? According to this article, several high-level investigations are underway. ContextPlus also is responsible for PeopleOnPage...
http://blogs.zdnet.com/Spyware/?p=820

More Information on 121Media
http://www.independent.co.uk/news/business/analysis-and-features/small-talk-spyware-company-has-its-eye-on-a-fund-raiser-534944.html

How Phorm uses the customer's internet connection to serve the contextual advertising opens a few issues to do with Privacy and Security. It's unlikely that Phorm will only be selling this service to the UK, it's very likely that we'll see this from ISPs in other countries, which would include the USA, Australia, New Zealand and European countries that don't have explicit laws preventing this type of activity. There is apparently an opt-out available, but very little has been published at all by any of the ISPs that have apparently contracted these services. British Telecom is rumoured to be expecting 85 million pounds per annum.

The proposed Phorm model snipped
quote:
For users who don't opt out, the way the system works is much more clear (see "Active mode" slide). Hit a link in your browser and the HTTP request will be intercepted by the ACE and rerouted to Phorm's Anonymiser. Having hijacked the request, the Anonymiser can then set a tracking cookie, which it keeps hold of.

Without a response, the browser resubmits its request for the web page you want to visit. It is again rerouted to Phorm, but only as far as the F5 hardware, which bounces it on to the website you originally wanted, but also sends a copy of the request to Phorm's profiler kit.

The website returns the content you want, which is again intercepted by the ACE. A copy of the page contents is sent to the Profiler, this time with the cookie in tow. If the publisher of the page is a member of the OIX, keywords in the page can be used to target ads. Finally the page is served up on your screen, and if everything is worked correctly, the browser and the user should be none the

As the process iterates the cookie will sit there, gradually building up a profile of your interests as you browse. It doesn't matter if most of the websites you visit aren't members of the OIX - their content will go towards targeting adverts on those that are.
http://www.theregister.co.uk/2008/02/29/phorm_documents/

In Australia we are looking at our own government introducing ISP based porn filtering.
http://www.australianit.news.com.au/story/0,24897,23274585-15306,00.html
mikenolan7
Premium
join:2005-06-07
Torrance, CA
·Sprint Mobile Broa..

Re: ISP Based Contextual Advertising

This issue has come up in the News forum. I'll repeat what I said there. There isn't anything we can do about our ISP's collecting data on us, but it's very easy to prevent ads from making it to our desktops. I apologize to anyone here who depends on that income to fund their websites, but as usual, the greedy will spoil things for others.

The troubling part is that those most likely to spend time on security websites are the same people that are capable of blocking the ads. The notoriety that this is garnering has convinced me that it is time to adjust my privoxy rulesets to allow ads from sites that I learn things from. I will have to think about how to tell if ads are being redirected.

ilago
Premium
join:2005-06-28
Australia
·Internode

Re: ISP Based Contextual Advertising

said by mikenolan7:

There isn't anything we can do about our ISP's collecting data on us, but it's very easy to prevent ads from making it to our desktops.
I am a great deal more concerned about the company that is collecting the data and providing the advertising than whether my ISP has my personal data. I could hardly have internet access if they didn't.

Many of the regulars in this forum are also interested and active in malware removal and will be familiar with the Apropos rootkit and other products from 121 Media.

Is Phorm just same horse, different color and should they be permitted to legally "intercept" your net activity to provide contextual based advertising?

I'd also like some further real technical information about the proposed interception of requests to enable context based advertising. There is a possibility that you may not be able to control it as easily as you think in the future. I've posted what seems to happen with traceroute and there are a few other things I've noted that really need a lot of clarification.

There is more to this than your relationship with your ISP, this is them making money from selling your data which is then outside their control and yours.

Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
I wonder if disabling "Access data sources across domains" will thwart this to some degree?

hpguru
Curb Your Dogma
Premium
join:2002-04-12

Re: ISP Based Contextual Advertising

said by Its a Secret:

I wonder if disabling "Access data sources across domains" will thwart this to some degree?
Nope. That setting only affects Data Binding in IE4-7.
--
Wanted: More White Babies (i.e. Christian White Supremacy)

anon101

@cox.net

Wow! Just what we all need. More stuff to "enhance our viewing pleasures and experiences"!
Does anyone have a link to a site that is using this stuff? I really don't want or need to have my viewing experience enhanced. My hosts file and ad blocking is patiently awaiting.

MeDuZa

join:2003-06-13
Austria

said by mikenolan7:

There isn't anything we can do about our ISP's collecting data on us, but it's very easy to prevent ads from making it to our desktops.
Snooping into my browsing habits is no one's business. Preventing ads from making it to our desktops is so far irrelevant. Boycotting those ISPs is the only thing the user can do.

said by ilago:

Many of the regulars in this forum are also interested and active in malware removal and will be familiar with the Apropos rootkit and other products from 121 Media.

Is Phorm just same horse, different color and should they be permitted to legally "intercept" your net activity to provide contextual based advertising?
In this case no matter what kind of horse is Phorm, ISPs are to blame first and only.
No third party should be permitted to legally "intercept" your net activity.
--
Reality corrupted. Reboot universe? (Y/N)
SUMware
Premium
join:2002-05-21

From The BBC
12 March 2008 -
quote:
Campaign body the Open Rights Group (ORG) has called for further detail on the workings of ad system Phorm.

BT, Virgin and Talk Talk have signed up to trial the system, which intercepts users' web surfing to analyse habits.

In a statement ORG said: "Question marks are beginning to appear over Phorm's compliance with the law.

"Can ISPs' employment of Phorm comply with the Data Protection Act? Is intercepting traffic in this manner an offence under section 1 of Ripa (the Regulation of Investigatory Powers Act)?"

There is concern that the interception of users web surfing data may contravene Ripa, which makes the interception of any transmission across a public telecommunication system illegal without the explicit consent of users.

anon101

@cox.net

Here's a blog with Phorm's Home Office remarks. Seems if it's in the TOS of your ISP they consider it legal (user consent). What a sham.
»blogs.guardian.co.uk/technology/···ent.html
SUMware
Premium
join:2002-05-21


Also: »Phorm - Coming to America?

From Dephormation Firefox Add On
quote:
Don't let Phorm/Webwise force you to opt in by default.

Download the Dephormation v1.2 Firefox Add On [visit site].

Why you should be concerned about Kent Ertugrul and Phorm

The Dephormation Add On ensures that your decision to opt out of Phorm profiling cannot be undone.

Optionally, the Add On can also alert you to sites using Phorm/Webwise/OIX profile based advertising.

With each page you view in your browser, a Phorm 'opt out' cookie is set automatically, and the Phorm UID cookie is randomised. Even if you delete all your cookies regularly.

But Dephormation is not a solution. It's a fig leaf for your privacy.

Phorm's webwise product presents so many security/privacy risks it should never be implemented.

Note that Dephormation cannot protect applications like iTunes, Google Earth, other browsers such as Lynx and Internet Explorer, instant messaging applications, remote desktop tools, RSS/ATOM feed readers, or external images embedded in HTML email.

www.badphorm.co.uk
www.politicalpenguin.org.uk
Petition to the UK Prime Minister
www.StopPhorm.bebo.com

Complain to your ISP. Your MP.
And the Information Commissioner.
Stop Phorm. Protect your right to privacy.
[Note by SUMware - I am not personally familiar with this addon]

anon101

@cox.net
An interesting article:
Traces the history and background...

»www.politicalpenguin.org.uk/blog/p,294/

Rocky67
Pencil Neck Geek
Premium
join:2005-01-13
Orange, CA
It's not just Phorm.

»Wide Open West Using NebuAD
--
"Before you accuse me, take a look at yourself"-Bo Diddley
SUMware
Premium
join:2002-05-21



Re: ISP Based Contextual Advertising

said by Rocky67:

It's not just Phorm.

»Wide Open West Using NebuAD
Whoa! Thanks.
NebuAd Services Privacy Policy: US / Canada Version

How it works:
ATM for ISPs or Spy in a Box?

NebuAd installs equipment inside facilities of ISPs to glean deeper insights
Dec. 10, 2007 -
quote:
NebuAd installs equipment inside the facilities of Internet service providers (ISPs), which see everything their customers do online. NebuAd's boxes examine many of the sites people visit, what they do there and what they hunt for on search engines.

The company won't say how many carriers or advertisers it works with, though CEO Bob Dykes said Internet providers representing millions of customers run NebuAd's system to let it gather information. In return, they get a share of the revenue from advertising NebuAd places.

The only ISP known to be working with NebuAd is Monroe, La.-based CenturyTel Inc., which has 530,000 broadband subscribers scattered throughout the country. NebuAd says some of the largest ISPs are at least testing the service.

Aspects of NebuAd's technique are already in play. For example, besides cookies, many online retailers deploy "clickstream analysis" tools that monitor what customers do on a given site — what they browse, what they read, which items they put in their shopping carts but fail to buy.
SUMware
Premium
join:2002-05-21

From The Register
12th March 2008 -
said by The Register :
In a fresh blow to its hopes of winning consumer acceptance, a top three anti-malware firm has said it will very likely include Phorm's targeting cookies in its adware warning database.

Trend Micro told The Register: "The nature of Phorm's monitoring of all user web activity is certainly of some concern, and there is a very high chance that Trend Micro would add detection for the tracking cookies as adware in order to protect customers.

"Obviously, as with other adware/spyware Trend Micro would need to constantly monitor things like... how aware users are that they are being tracked and whether the user has the ability to completely opt out of the service."

If Trend adds detection for Phorm then millions of home computers running a scan using its protection software would get a warning that their ISPs have dropped either a Phorm opt-in or an opt-out cookie onto their systems.

PC Tools, another large anti-malware firm, based in Australia, echoed Trend Micro's concerns for its customers' privacy and security. It said in a statement:
If our research confirms that Phorm places an opt-out cookie on the desktop PC, we will evaluate if it is safe to remove it without re-opting the customer back into the Phorm tracking mechanisms.

If the cookie cannot simply be removed but we can find a reliable method to detect the Phorm service, and the Phorm service was evaluated and identified using our threat matrix, we will then endeavour to alert our customers of its existence.

Naturally we encourage all companies involved in handling, monitoring or storing personal information, such as web-surfing behaviour, to prominently disclose whether there is information being supplied or used by a third-party. Ideally any service with privacy implications should require users to consciously opt-in after they know all the facts.
PC Tools is a significant player in consumer desktop security because its Spyware Doctor software is bundled with the Google Pack. We are waiting for responses from Symantec and McAfee, the two largest anti-malware vendors.
mikenolan7
Premium
join:2005-06-07
Torrance, CA
·Sprint Mobile Broa..

I don't think I explained my point very well. The reason that this privacy intrusion exists is because there is an accessible revenue stream. If we cut off the revenue stream (which is ads reaching our desktops), we will stop this invasion into our privacy.

If everyone were to block ads from reaching their desktops, many privacy invasions would dry up and go away. If enough people do it, they will determine who is, and who isn't, and not waste money tracking people who are blocking ads.

The reason we all get spam is because it is nearly free to send. Keeping track of the online movements of people will be expensive, when compared with collecting email addresses. That's why it has taken longer for this approach to profiting from the internet to come about.

The key to solving online issues is not always technology and regulation. Sometimes the best approach is to follow the money.

ilago
Premium
join:2005-06-28
Australia
·Internode

Re: ISP Based Contextual Advertising

said by mikenolan7:

If everyone were to block ads from reaching their desktops, many privacy invasions would dry up and go away. If enough people do it, they will determine who is, and who isn't, and not waste money tracking people who are blocking ads.
..snip...
The key to solving online issues is not always technology and regulation. Sometimes the best approach is to follow the money.
If everyone blocked all ads, a huge number of valuable websites would disappear. That is a separate issue.

I had actually lost hope of anyone being interested in this

I did a lot of homework before posting originally. Kudos to "The Register" for following this up in depth in the face of apathy on the part of the mainstream media.

Up until now, few ISPs have pulled stunts like this.

DePhormication - I'm not seeing how anything you do with your browser at your machine can stop your data being handled by the Phorm hardware in your ISP's hardware. The interception of data does not appear to be at software level or at your machine. The first hop is through the hardware at your ISP. You can't bypass your ISP as the first hop of your connection. With Phorm or similar technology installed that first hop is through their hardware and then referred to the webpage you've requested. Your ISP password is not yours if it is processed through other hardware?

ISP customers pay for a service not a degraded response while some piece of third party commercial interest hardware processes my requests. I'm not in the Phorm line of fire in Australia ..... yet.

How can you safely do academic research or safely conduct confidential commercial with this level of "interception" that could be so easily abused and developed by a known malware provider?

So much for Safe Hex and good security practise.

This appears to be the patent
»www.freshpatents.com/Targeted-ad···cription

Referenced and discussed here:
»www.politicalpenguin.org.uk/blog/p,295

This is a US patent and Phorm is registered in Delaware. With that patent do they end up with a monopoly in this area which is, in fact, the worst possible future for internet.

This opens the door even wider for other types of interception and once the hardware is installed. With a monopoly the technology can be licensed and the data onsold to anyone. Can other malware providers, security services, vested interests such as a well known fiction based commercial cult, pay Phorm for access to this level of "interception" once it is in place. It would be out of the hands of your ISP if that is the case.

Phorm are saying "Trust us, we know what we are doing". They might know, but we don't.

I'm having difficulty finding the technical details about the hardware. Switching processes at ISP level are not my area of expertise.
SUMware
Premium
join:2002-05-21



Re: ISP Based Contextual Advertising

said by ilago:

DePhormication - I'm not seeing how anything you do with your browser at your machine can stop your data being handled by the Phorm hardware in your ISP's hardware.
The 'theory' is that the user must be given the opportunity to 'opt-out' of Phorm's service. This is achieved by setting a cookie. Phorm claims that it will honor such requests and will not monitor said users.

Dephormation claims that
said by Dephormation :
With each page you view in your browser, a Phorm 'opt out' cookie is set automatically, and the Phorm UID cookie is randomised. Even if you delete all your cookies regularly.

The Dephormation Add On ensures that your decision to opt out of Phorm profiling cannot be undone.

Optionally, the Add On can also alert you to sites using Phorm/Webwise/OIX profile based advertising.
Time (and investigations) will tell if this will continue to be SOP with Phorm, similar organizations & cooperating ISPs.

In the meantime they'd like us to trust them.
SUMware
Premium
join:2002-05-21

said by ilago:

I'm having difficulty finding the technical details about the hardware. Switching processes at ISP level are not my area of expertise.
How Phorm plans to tap your internet connection

ilago
Premium
join:2005-06-28
Australia
·Internode

Re: ISP Based Contextual Advertising

said by SUMware:

said by ilago:

I'm having difficulty finding the technical details about the hardware. Switching processes at ISP level are not my area of expertise.
How Phorm plans to tap your internet connection
Thanks SUMware, I've been following the Register information fairly closely

As far as I can see from the Hardware Architecture Diagram, there is NO way that the first hop can avoid the Phorm interception, regardless of the protocol being used for accessing the network. It is the Phorm equipment, not the ISPs, determining whether you've opted out.

I find giving a known malware developer access to all users' internet activities at hardware level in the name of advertising to be appalling.
SUMware
Premium
join:2002-05-21

Re: ISP Based Contextual Advertising

said by ilago:

Thanks SUMware, I've been following the Register information fairly closely
No problem. Kinda stumbled upon that Reg page without expecting it.
said by ilago:

As far as I can see from the Hardware Architecture Diagram, there is NO way that the first hop can avoid the Phorm interception, regardless of the protocol being used for accessing the network. It is the Phorm equipment, not the ISPs, determining whether you've opted out.
Yep. Agreed. Do ya think we can trust them?
said by ilago:

I find giving a known malware developer access to all users' internet activities at hardware level in the name of advertising to be appalling.
Yes, absolutely.

As you've previously indicated, it's amazing that this stunning issue, and its related security/privacy/technology/legal implications, haven't (yet?) attracted the attention that it deserves. Even here many readers seem to be ignoring this.

Your post did attract my attention immediately. Thanks again!
SUMware
Premium
join:2002-05-21


[Screenshots: Alert; Preferences; about:config]
BTW - For those interested, the Firefox Dephormation Add On can be downloaded from »www.dephormation.org.uk/, 'unzipped', and the code examined.

I've just installed this addon with the above displayed, and the shown 'about:config' additions.
SUMware
Premium
join:2002-05-21

Keeping score: an update from The Register
14th March 2008 -
quote:
Security firms are split about whether they will classify Phorm's targeting cookies as adware.

Kaspersky Lab, whose anti-virus engine is licensed to many other security vendors, said it would detect the cookie as adware. However, AVG, developer of the most widely used free of charge anti-virus scanner, said it would not detect Phorm's cookie even though the Czech firm's CTO Karel Obluk describes the technology as "borderline".

As previously reported, Trend Micro said there was a "very high chance" that it would add detection for the tracking cookies as adware. PC Tools echoed Trend's concerns about privacy and security, urging Phorm to apply an opt-in approach.

Specialist anti-spyware firm Sunbelt Software also expressed concerns, saying Phorm's tracking cookies were candidates for detection by its anti-spyware software.

Webroot, another prominent anti-spyware firm, reported difficulties at getting samples of Phorm's tracking cookies for evaluation purposes.

We polled a number of security firms on their attitudes to Phorm. We are waiting for responses from Symantec and McAfee, the two largest anti-malware vendors, as well as Check Point, which markets the popular Zone Alarm personal firewall.

ilago
Premium
join:2005-06-28
Australia
·Internode

Re: Security firms split over Phorm classification

A further reference I dug up which is somewhat scary if anyone doesn't think this has further to go.

quote:
Hi all,

I've been seeing lots of hits from Russia on Dephormation.org.uk from IP address 78.110.48.130. Badphorm.org.uk is getting the same.


»groups.google.com/group/news.adm···f106739b

Phorm's share price seems to be taking a dive, but that doesn't mean this issue is going away.
SUMware
Premium
join:2002-05-21

Re: Security firms split over Phorm classification

Well, that puts a potentially very interesting spin on things!

Today's news:
BT confesses lies over secret Phorm experiments
17th March 2008 -
quote:
BT has admitted that it secretly used customer data to test Phorm's advertising targeting technology last summer, and that it covered it up when customers and The Register raised questions over the suspicious redirects.

The national telecoms provider now faces legal action from customers who are angry their web traffic was compromised.
FIPR claims Phorm technology breaches UK law
March 17, 2008 -
quote:
The Foundation for Information Policy Research (Fipr) has issued an open letter to the Information Commissioner Richard Thomas, claiming that Phorm’s ad serving technology is illegal in the UK.

According to Nicholas Bohm, general counsel at Fipr, both parties must consent to interception in order for it to be lawful, according to the Regulation of Investigatory Powers Act.

He says that Phorm’s system is like the Post Office opening letters to see what the recipient is interested in, and then targeting them with relevant junk mail.

ilago
Premium
join:2005-06-28
Australia
·Internode

Re: Security firms split over Phorm classification

In amongst the "usual" on Slashdot today was this little gem in a thread on Tim Berners-Lee objections.

»yro.slashdot.org/comments.pl?sid···22777122

Whole thread also has some other references that are starting to pull more of the story together »yro.slashdot.org/article.pl?sid=···/1259234

Thanks for the Techwatch link, I hadn't got to that one yet
SUMware
Premium
join:2002-05-21

Re: Security firms split over Phorm classification

said by ilago:

In amongst the "usual" on Slashdot today was this little gem in a thread on Tim Berners-Lee objections.
I'd read the Berners-Lee piece at BBC "Web creator rejects net tracking". Thanks.
This article "Some notes from the Phorm sales pitch" is excellent and highly revealing! Great post. Thank you.
Mele20
Premium
join:2001-06-05
Hilo, HI

Re: Security firms split over Phorm classification

said by SUMware:

This article "Some notes from the Phorm sales pitch" is excellent and highly revealing! Great post. Thank you.
God, that article is absolutely bone chilling.

From the above article:

"Even if Phorm is stopped dead tomorrow, the business conditions and legal loopholes are still present to encourage ISPs to try this again and again, and it will certainly be much worse in the US where there is absolutely no legal protections at all, and a ready market for personal data."

I'm sure my ISP (big cable company) is probably salivating at the idea of using this. I installed the Dephormation Firefox extension but it only protects Fx if my ISP were to institute this. Phorm could read everything else on my computer including emails and Instant Messaging. From other posts in this thread, I read which AV vendors will be detecting the phorm cookies and which won't (AVG!) and my AV vendor was not mentioned so I have posted in the Avira forum and asked if they are/will block the cookies and if they say "no" then I will get another AV that does.

The truly depressing and frightening thing here though is that while Phorm may die after what Berners-Lee and others are saying, it will only mean they will reincarnate later with a different name, and slightly different approach, and the ISPs, especially here in the USA, will try again to institute this total tracking of their users and it will be easier going here.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

ilago
Premium
join:2005-06-28
Australia
·Internode

quote:
This article "Some notes from the Phorm sales pitch" is excellent and highly revealing!
*mind boggling* when you think about how they are doing it. They will be completely untouchable legally once the information leaves the ISP, regardless of the national laws the ISPs are operating under.

I wish I could believe that this is only three ISPs in the UK. I think Phorm have been doing a lot of hard work below the radar. I don't think for a moment there is no return on this for them.

Just Basics

join:2003-06-08
Painter, VA

Many of us have already given our ISP the rights to do most anything they want by using their services. I don't use them but here is the T.O.S. from NetZero as an example:

Collection and Use of Personal Information. NetZero will collect, store, compile and utilize information about you, your computer, your phone number and your use of the NetZero Services including, without limitation, information regarding the Web sites you visit and information that you provide in response to NetZero questionnaires, surveys and registration forms. NetZero may provide this information to third parties including advertisers, clients, marketing organizations and others as further set forth in NetZero's Privacy Statement.

Again, I don't use NetZero but my ISP has a similar T.O.S. - check yours and you may be surprised at what you will find.

Some ISP's are already using:

»www.nebuad.com/
»www.adzilla.com/

My ISP was using the Coretel network and the transparent proxy from adzilla - here is a link to a rant about their services:

»www.sendcoffee.com/minorsage/adzilla.html

A way to detect any page changes made by your ISP:

»vancouver.cs.washington.edu/#results

I've never seen any but I still check occasionally.
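
Added example (not part of Just Basics' post, and not the code behind the linked detection page): the core check a page-change detector can run is to compare the page as the publisher wrote it with the copy that actually arrived, and report what was added or removed. The function names, the sample pages and the example.com / example.net hosts are constructed for illustration.

```javascript
// Constructed sample: the page as the publisher serves it.
const KNOWN_GOOD = [
  '<html>',
  '<head><title>Sample page</title></head>',
  '<body>',
  '  <p>Article text.</p>',
  '  <script src="http://www.example.com/site.js"></script>',
  '</body>',
  '</html>',
].join('\n');

// Constructed: an in-path device appended a third-party script and
// rewrote the line endings to CRLF.
const RECEIVED_INJECTED = KNOWN_GOOD
  .replace('</body>', '<script src="http://ads.example.net/inject.js"></script>\n</body>')
  .replace(/\n/g, '\r\n');

// Constructed: a filter removed the publisher's own script.
const RECEIVED_STRIPPED = KNOWN_GOOD
  .replace('  <script src="http://www.example.com/site.js"></script>\n', '');

// Trim lines and drop empty ones so whitespace-only rewrites
// (re-indentation, CRLF conversion) are not reported as changes.
function normalise(html) {
  return html.split(/\r?\n/).map((l) => l.trim()).filter((l) => l.length > 0);
}

// Longest-common-subsequence table over two arrays of lines.
function lcsTable(a, b) {
  const t = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = a.length - 1; i >= 0; i--) {
    for (let j = b.length - 1; j >= 0; j--) {
      t[i][j] = a[i] === b[j] ? t[i + 1][j + 1] + 1 : Math.max(t[i + 1][j], t[i][j + 1]);
    }
  }
  return t;
}

// Hosts referenced by src= / href= attributes in the given lines.
function hostsIn(lines) {
  const re = /\b(?:src|href)\s*=\s*["']?(?:https?:)?\/\/([^\/"'\s>]+)/gi;
  const hosts = new Set();
  for (const line of lines) {
    for (const m of line.matchAll(re)) hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

// Line diff of the received copy against the known-good copy, plus the
// hosts that appear only in added lines (not referenced by the publisher).
function comparePage(knownGood, received) {
  const a = normalise(knownGood);
  const b = normalise(received);
  const t = lcsTable(a, b);
  const added = [];
  const removed = [];
  let i = 0;
  let j = 0;
  while (i < a.length && j < b.length) {
    if (a[i] === b[j]) { i++; j++; }
    else if (t[i + 1][j] >= t[i][j + 1]) { removed.push(a[i++]); }
    else { added.push(b[j++]); }
  }
  while (i < a.length) removed.push(a[i++]);
  while (j < b.length) added.push(b[j++]);

  const publisherHosts = hostsIn(a);
  const newHosts = [...hostsIn(added)].filter((h) => !publisherHosts.has(h));
  return { modified: added.length + removed.length > 0, added, removed, newHosts };
}

console.log(comparePage(KNOWN_GOOD, RECEIVED_INJECTED));
console.log(comparePage(KNOWN_GOOD, RECEIVED_STRIPPED));
```

A mismatch only shows that the page changed somewhere between the server and the browser; filtering software on the user's own machine produces the same signal as equipment at the ISP, so the `added`, `removed` and `newHosts` fields are what distinguish an injected third-party script from local ad stripping.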
Mele20
Premium
join:2001-06-05
Hilo, HI

Re: ISP Based Contextual Advertising

said by Just Basics:

A way to detect any page changes made by your ISP:

»vancouver.cs.washington.edu/#results

I've never seen any but I still check occasionally.
That page says it detected a change on every page. But it is a poorly constructed web page with nothing to click on to see the "further information". Plus, what is there is text on top of text and boxes on top of boxes. I assume that the changes it picked up were from the Proxomitron. I used Fx 1.5 which is my main browser. It said it assumes one uses a "modern" browser and only evidently likes Fx 2. Well, Fx2 has just been proven yet again to be inferior to 1.5 privacy wise. That page should accept Fx 1.5 I think. I'm not sure the version of Fx is why there is nothing clickable there. The page refused to stop loading also even when it said "done" in the status bar.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason
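
A page can detect in-flight changes by comparing the HTML the browser received with a known-good copy of what the server sent. The sketch below is an added example, not part of any post in this thread and not the linked detection page's own code; the function names, sample pages and the host ads.example.net are constructed, and it assumes the server can supply the known-good copy.

```javascript
// Added example: compare the HTML a server meant to deliver with what arrived.
// All names, hosts and sample pages are constructed for illustration.

// Trim the common prefix and suffix and return the span that differs.
function changedSpan(expected, received) {
  let start = 0;
  const max = Math.min(expected.length, received.length);
  while (start < max && expected[start] === received[start]) start++;
  let endE = expected.length;
  let endR = received.length;
  while (endE > start && endR > start && expected[endE - 1] === received[endR - 1]) {
    endE--;
    endR--;
  }
  return {
    offset: start,
    removed: expected.slice(start, endE),
    added: received.slice(start, endR),
  };
}

// Collect the src attribute of every <script> tag in an HTML string.
function scriptSources(html) {
  const out = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Report whether the page changed in transit and which script sources are new.
function checkPage(expected, received) {
  if (expected === received) return { modified: false, newScripts: [], span: null };
  const known = new Set(scriptSources(expected));
  const newScripts = scriptSources(received).filter((s) => !known.has(s));
  return { modified: true, newScripts, span: changedSpan(expected, received) };
}

// Constructed samples: the page as sent, a copy with a script injected on the
// path, and a copy rewritten by a local filtering proxy on the user's machine.
const EXPECTED = '<html><head><title>Test</title></head><body><p>Hello</p></body></html>';
const INJECTED = '<html><head><title>Test</title></head><body><p>Hello</p>' +
  '<script src="http://ads.example.net/tag.js"></script></body></html>';
const FILTERED = '<html><head><title>Test</title></head><body><p>Hello</p>' +
  '<!-- filtered --></body></html>';

console.log(checkPage(EXPECTED, INJECTED));
console.log(checkPage(EXPECTED, FILTERED));
```

Both modified samples are flagged, so a hit shows that something between server and browser rewrote the page, not which party did it; a local filter such as the Proxomitron trips the same check as an ISP proxy.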

CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Oh wow, I had never heard of Phorm until one of our Researchers asked me to proofread a blog post he was preparing for the Lavasoft Research Blog. He was livid about this practice (and his blog post was just fine).
»www.lavasoft.com/support/securit···g/?p=203

He was wondering if he was ranting too much LOL.

I'll be sure to point him to this topic! Thanks guys, I know he'll be interested.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals)

ilago
Premium
join:2005-06-28
Australia
·Internode


1 edit

Re: ISP Based Contextual Advertising

quote:
My ISP was using the Coretel network and the transparent proxy from adzilla - here is a link to a rant about their services:

»www.sendcoffee.com/minorsage/adzilla.html

A way to detect any page changes made by your ISP:

»vancouver.cs.washington.edu/#results
Thanks, Just Basics, the detection page is an excellent way to pick up the html changes. My ISP has reasonable ToS for the time being and Australia isn't a big target for advertising yet, but it will come. We have proposals at Government level for the same type of hardware level filtering, to be used as a control against open access to "unsuitable" material.

That's not quite the same issue, but just as serious in a different way and it's why I started researching this issue.

quote:
He was wondering if he was ranting too much LOL.
I think he was being very restrained CJ

edit: corrected Just Basics handle

ilago
Premium
join:2005-06-28
Australia
I wonder when the "Phorm Comms Team" or the "Tech Team" will post in this thread?

They have posted in almost every other forum I've found that relates to Phorm.
Just Basics

join:2003-06-08
Painter, VA

Taken from a discussion at this link:
»www.digitalspy.co.uk/forums/show···t=759341
-----------
Quote
Whether you "opt-out" by having the actual "opt-out cookie" or by simply blocking Phorm/Webwise cookies, your data is still mirrored to the "Profiler" equipment located at the ISP, which although allegedly owned by the ISP still runs Phorm's software & exists solely to profile your browsing data. "Opting-out" just means that you don't get the "benefit" of targeted adverts, plus allegedly your data does not pass from the "Profiler" to Phorm's own servers.
End quote

Quote
I think this is the much more worrying side to the problem, and something a lot of people seem to be missing. The opt-out given by Phorm really isn't an opt-out at all - it stops the targeting advertising, but all your requests are still going through their servers, you no longer have a direct internet connection, and they still get to profile you.

The cookie and the firefox addon are just saying "don't show me targeted advertisements", it isn't stopping what's happening behind the scenes, your privacy is still being violated, and because it's on the ISP network there's not really anything you can do about it.
End quote

Although the delivery is somewhat different than Adzilla, which uses a transparent proxy, the end result is still the same. You will be sharing your browsing habits and will be profiled by a third party.

This all could really be a great selling point for an ISP that does not Create a Richer Browsing Experience for their customers. I'd sign up in a minute!
SUMware
Premium
join:2002-05-21


2 edits

Possible Regulation?

said by Just Basics:

The opt-out given by Phorm really isn't an opt-out at all - it stops the targeting advertising, but all your requests are still going through their servers, you no longer have a direct internet connection, and they still get to profile you.
This angers the NSA/CIA/FBI who want to be the first in line to monitor your entire data stream.
-

A Push to Limit the Tracking of Web Surfers’ Clicks
quote:
After reading about how Internet companies like Google, Microsoft and Yahoo collect information about people online and use it for targeted advertising, one New York assemblyman said there ought to be a law.

So he drafted a bill, now gathering support in Albany, that would make it a crime — punishable by a fine to be determined — for certain Web companies to use personal information about consumers for advertising without their consent.

And because it would be extraordinarily difficult for the companies that collect such data to adhere to stricter rules for people in New York alone, these companies would probably have to adjust their rules everywhere, effectively turning the New York legislation into national law.

“Should these companies be able to sell or use what’s essentially private data without permission? The easy answer is absolutely not,” said the assemblyman who sponsored the bill, Richard L. Brodsky, a Democrat who has represented part of Westchester County since 1982.

Mr. Brodsky is not the only lawmaker with this idea. In Connecticut, the General Law Committee of the state assembly has introduced a bill that focuses on data collection rules for ad networks, the companies that serve ads on sites they do not own.

The New York bill, still a work in progress, is shaping up as much broader. Although it is likely to see some tinkering before it comes to a vote — which Mr. Brodsky hopes will happen this spring — it aims to force Web sites to give consumers obvious ways to opt out of advertising based on their browsing history and Web actions.

If it passed, computer users could request that companies like Google, Yahoo, AOL and Microsoft, which routinely keep track of searches and surfing conducted on their own properties, not follow them around. Users would also have to give explicit permission before these companies could link the anonymous searching and surfing data from around the Web to information like their name, address or phone number.

Because there is no federal legislation on these subjects, Mr. Brodsky’s bill — and, to a lesser extent, the one in Connecticut — could set interesting precedents.

In recent weeks, Microsoft and Yahoo have sent lobbyists to meet with Mr. Brodsky, and AOL, a unit of Time Warner, is planning a meeting. Unlike most Web companies, Microsoft favors legislation about online privacy and advertising practices and has lobbied federal lawmakers to establish regulations, said Michael Hintze, associate general counsel for Microsoft.

Microsoft asked Mr. Brodsky to broaden his bill to include all sorts of companies that serve ads around the Web, not just those that show ads based on users’ behavior. Such a change would create a bill that more clearly includes Microsoft’s chief competitor, Google.

Mr. Brodsky says he has asked the Web companies point-blank if they would support legislation similar to what he has proposed. Microsoft gave him a firm “yes,” but Yahoo, he said, seemed to be opposed to any sort of regulation. Yahoo declined to comment on its meeting with Mr. Brodsky.
-

ISP Tracking: The Mother of All Privacy Battles
quote:
Big companies like AOL, Microsoft and Yahoo, and smaller ones like Revenue Science, are gathering various crumbs about online behavior to use in their advertising systems. They are limited to gathering data from their own sites and their networks of affiliates.

Eventually, cellphone companies will start to face the same choice. If there is a G.P.S. unit in your phone, it will be able to keep track of what stores you visit, among many other things.

All these partial schemes may well be rendered as useless as a blindfolded spy by some new companies that want to tap into the records of Internet service providers. Their objective: following every single click users make. That way, in theory, they have the best ability to find ads that can indulge each user's passion of the moment. Among the companies trying to build out this sort of system are Phorm, NebuAd, FrontPorch.

ilago
Premium
join:2005-06-28
Australia
·Internode

Re: Possible Regulation?

This is on the news page here. It refers to the Register article I linked to earlier.

"Rootkit and spyware developer turned behavioral advertising firm Phorm has agreed to let an independent analyst inspect the source code for their controversial browsing history tracking technology. Like NebuAD in the States, the company pays ISPs to install deep packet inspection hardware on their network to track user behavior. Unlike NebuAD, Phorm has a pretty shady history in spyware, and is trying to convince UK users that the ISP money-grab is really an anti-phishing solution. Both companies are fighting an uphill battle in gaining consumer trust."

»Phorm Opens Source Code For Inspection

I don't have much faith in the code inspection. It needs ongoing compliance and independent auditing. It could be changed remotely within a few minutes once it's in place. These guys are experts at that

Thanks for this reference SUMware.

quote:
If it passed, computer users could request that companies like Google, Yahoo, AOL and Microsoft, which routinely keep track of searches and surfing conducted on their own properties, not follow them around. Users would also have to give explicit permission before these companies could link the anonymous searching and surfing data from around the Web to information like their name, address or phone number.

Because there is no federal legislation on these subjects, Mr. Brodsky’s bill — and, to a lesser extent, the one in Connecticut — could set interesting precedents.
Just Basics

join:2003-06-08
Painter, VA

SUMWare, I don't care if a Federal Agency monitors my every movement on the internet - but that is just my own opinion. There have already been many discussions on this topic and what it boils down to is whether using the internet is a right or a privilege. I consider it a privilege and pay my ISP for that privilege.

What I do care about is that my information is shared with a third party for profit without my knowledge which has already happened. Whether it happens at the ISP level or a server along the line makes little difference to me.

What really concerns me is the apathy that is apparent in this thread about a subject that could forever change the internet.

Where are the indignant people who object strenuously when a website sets a tracking cookie? Where is the outrage that was caused by the Sony rootkit or Windows validation? And the list goes on.

It leads me to think that most really don't care whether their connection to the internet is compromised at the ISP level and their ISP is willingly co-operating with what is no more than an advertising agency.

Do you really trust your ISP enough to not share even more of your personal information with this third party? How about your name, address and even credit card information they have on file? What is to prevent them from doing so?
SUMware
Premium
join:2002-05-21


2 edits

Re: Possible Regulation?

said by Just Basics:

What really concerns me is the apathy that is apparent in this thread about a subject that could forever change the internet.

Where are the indignant people who object strenuously when a website sets a tracking cookie? Where is the outrage
I agree.

Grail Knight
Who Dares Wins
Premium
join:2003-05-31
·Verizon Online DSL


1 edit
quote:
Where are the indignant people who object strenuously when a website sets a tracking cookie? Where is the outrage that was caused by the Sony rootkit or Windows validation? And the list goes on.
Sleeping.

Seriously though, this is one of those events that requires users to do more than complain in a forum about something. Letter writing, fire off an email of the user's displeasure stating factual information about why this should not be allowed to happen to their political reps etc... This one actually requires users to do some legwork but unless there is an incentive for the ISPs not to allow this it will happen. It is all about money.

quote:
What I do care about is that my information is shared with a third party for profit without my knowledge which has already happened.
Same here yet what controls are in place to stop the more obvious routes of personal loss/trade/sold/stolen/shoddy handling etc...?

Now if all of the ISPs jump on this bandwagon the usual threats by users to switch ISPs just will not cut it and I doubt that the majority of online users are going to hang up their router/modem unless the ISPs put a halt to the practice if and when it happens on a wide scale basis.

Edit* Added more info.
Mele20
Premium
join:2001-06-05
Hilo, HI

According to the NY Times, Phorm will be coming to major USA broadband ISPs very soon:

"A Company Promises the Deepest Data Mining Yet

Amid debate over how much data companies like Google and Yahoo should gather about people who surf the Web, one new company is drawing attention — and controversy — by boasting that it will collect the most complete information of all.

The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person’s Internet service provider. The trick for Phorm is to gain access to that data, and it is trying to negotiate deals with telephone and cable companies, like AT&T, Verizon and Comcast, that provide broadband service to millions."

»www.nytimes.com/2008/03/20/busin···business
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

ilago
Premium
join:2005-06-28
Australia
·Internode

Re: ISP Based Contextual Advertising



This is not good.

There's a little bit more today in The Register, including a link to the UK Privacy Report that Phorm has been using to justify how good they are at privacy.

»www.theregister.co.uk/2008/03/19···8020_pi/

And some more comment here
»www.politicalpenguin.org.uk/blog/cat,25/

anon101

@cox.net

Wow, what people will do to "enhance my viewing experience". Wow, "targeted advertising". Now I will see all blow-up doll ads when I go to disney.com. Wow, I can't wait.
This sounds very similar to what Homeland Security is doing now. Maybe that's where they got the idea from.

SUMware
Premium
join:2002-05-21


1 edit
Here's another:

Project Rialto
A Stealth Company Created by Alcatel-Lucent

Sr. Engineer – Data Mining and Modeling – Mountain View, CA [excerpted]:
We are designing high-performance algorithms and developing reliable, fault-tolerant and scalable real-time systems that can handle massive volume of data for in-depth analysis of user behavior to enable targeted advertising.

Essential Job Functions
- Develop high-performance algorithms for precision targeting
- Research and investigate academic and industrial data mining, machine learning and modeling techniques to apply to our specific business case

Requirements
- Ph.D. in computer science or related
- 3+ years industry experience in data mining and machine learning.
- Internet advertisement technology and distributed computing related experience highly desirable.